From 524b7dcc48968c06fd03c6e127b8797db57608f8 Mon Sep 17 00:00:00 2001
From: kasperk81 <83082615+kasperk81@users.noreply.github.com>
Date: Sat, 1 Oct 2022 18:55:14 +0300
Subject: [PATCH 1/5] block port# 5060 and 5061 to avoid slipstream attack
https://chromestatus.com/feature/5064283639513088
---
 src/mono/wasm/host/WebServerStartup.cs | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/mono/wasm/host/WebServerStartup.cs b/src/mono/wasm/host/WebServerStartup.cs
index 64bf9e7cccbac5..865538903b0692 100644
--- a/src/mono/wasm/host/WebServerStartup.cs
+++ b/src/mono/wasm/host/WebServerStartup.cs
@@ -38,7 +38,7 @@ public static int StartDebugProxy(string devToolsHost)
 //on managed code will freeze because it will not be able to continue executing the BrowserDebugProxy to get the locals value
 var executablePath = Path.Combine(System.AppContext.BaseDirectory, "BrowserDebugHost.dll");
 var ownerPid = Environment.ProcessId;
- var generateRandomPort = new Random().Next(5000, 5300);
+ var generateRandomPort = GetNextRandomExcept(5000..5300, 5060, 5061);
 var processStartInfo = new ProcessStartInfo
 {
 FileName = "dotnet" + (RuntimeInformation.IsOSPlatform(OSPlatform.Windows) ? ".exe" : ""),
@@ -52,6 +52,18 @@ public static int StartDebugProxy(string devToolsHost)
 throw new InvalidOperationException("Unable to start debug proxy process.");
 }
 return generateRandomPort;
+
+ static int GetNextRandomExcept(Range range, params int[] except)
+ {
+ int current = Random.Shared.Next(range.Start.Value, range.End.Value);
+
+ while (Array.IndexOf(except, current) > -1)
+ {
+ current = Random.Shared.Next(range.Start.Value, range.End.Value);
+ }
+
+ return current;
+ }
 }
 public void Configure(IApplicationBuilder app,
From 9cf057884c8b5adcbc72005aefbf9ecc7477e546 Mon Sep 17 00:00:00 2001
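Review bot: Nothing on the `var generateRandomPort = GetNextRandomExcept(5000..5300, 5060, 5061);` line, or in the check visible in the second hunk, confirms that the chosen port is actually free; the only failure detected is the process not starting. If something else on the machine is already listening there, the method presumably still returns that port to its caller, and how BrowserDebugHost reacts to a failed bind is not visible in this patch. At minimum I would record the gap next to the call, `// NOTE: the port is not probed for availability; a bind failure in the child is not detected here`, and consider having the proxy report the port it actually bound. StartDebugProxy starts and ends outside the hunk.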
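Review bot: `GetNextRandomExcept` keeps drawing until it gets a value outside `except`, so it never returns if the exclusions cover the whole range, and it reads `range.Start.Value` / `range.End.Value` without looking at `IsFromEnd`, so a from-end index such as `^5000` would be taken as the literal 5000. Neither can happen with the single call site shown, but the signature looks general enough to be reused. A guard such as `Debug.Assert(!range.Start.IsFromEnd && !range.End.IsFromEnd);` plus a one-line comment that `except` must leave at least one value in the range would pin the contract. The do-while rewrite in PATCH 2/5 keeps the same behaviour, and the exclusive upper bound matches the old `Next(5000, 5300)`.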
From: kasperk81 <83082615+kasperk81@users.noreply.github.com>
Date: Sat, 1 Oct 2022 19:03:13 +0300
Subject: [PATCH 2/5] do-while
---
 src/mono/wasm/host/WebServerStartup.cs | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/mono/wasm/host/WebServerStartup.cs b/src/mono/wasm/host/WebServerStartup.cs
index 865538903b0692..62da172b680049 100644
--- a/src/mono/wasm/host/WebServerStartup.cs
+++ b/src/mono/wasm/host/WebServerStartup.cs
@@ -55,12 +55,11 @@ public static int StartDebugProxy(string devToolsHost)
 static int GetNextRandomExcept(Range range, params int[] except)
 {
- int current = Random.Shared.Next(range.Start.Value, range.End.Value);
-
- while (Array.IndexOf(except, current) > -1)
+ int current;
+ do
 {
 current = Random.Shared.Next(range.Start.Value, range.End.Value);
- }
+ } while (Array.IndexOf(except, current) > -1);
 return current;
 }
From 93d0ddf40ab9080768d6aaa3fa9ab94b802610ed Mon Sep 17 00:00:00 2001
From: kasperk81 <83082615+kasperk81@users.noreply.github.com>
Date: Mon, 3 Oct 2022 16:34:48 +0300
Subject: [PATCH 3/5] add comments
---
 src/mono/wasm/host/WebServerStartup.cs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/mono/wasm/host/WebServerStartup.cs b/src/mono/wasm/host/WebServerStartup.cs
index 62da172b680049..680720d727b97c 100644
--- a/src/mono/wasm/host/WebServerStartup.cs
+++ b/src/mono/wasm/host/WebServerStartup.cs
@@ -38,7 +38,11 @@ public static int StartDebugProxy(string devToolsHost)
 //on managed code will freeze because it will not be able to continue executing the BrowserDebugProxy to get the locals value
 var executablePath = Path.Combine(System.AppContext.BaseDirectory, "BrowserDebugHost.dll");
 var ownerPid = Environment.ProcessId;
- var generateRandomPort = GetNextRandomExcept(5000..5300, 5060, 5061);
+ // generate a random port in a given range, skipping the ports blocked by browsers: https://chromestatus.com/feature/5064283639513088
+ var generateRandomPort = GetNextRandomExcept(5000..5300,
+ 5060, // SIP
+ 5061, // SIPS
+ );
 var processStartInfo = new ProcessStartInfo
 {
 FileName = "dotnet" + (RuntimeInformation.IsOSPlatform(OSPlatform.Windows) ? ".exe" : ""),
From 79da9053322e953c9664c6ae6720650c718b69bd Mon Sep 17 00:00:00 2001
From: kasperk81 <83082615+kasperk81@users.noreply.github.com>
Date: Mon, 3 Oct 2022 17:32:24 +0300
Subject: [PATCH 4/5] trailing comma
---
 src/mono/wasm/host/WebServerStartup.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/mono/wasm/host/WebServerStartup.cs b/src/mono/wasm/host/WebServerStartup.cs
index 680720d727b97c..129c0dbe84dca0 100644
--- a/src/mono/wasm/host/WebServerStartup.cs
+++ b/src/mono/wasm/host/WebServerStartup.cs
@@ -41,7 +41,7 @@ public static int StartDebugProxy(string devToolsHost)
 // generate a random port in a given range, skipping the ports blocked by browsers: https://chromestatus.com/feature/5064283639513088
 var generateRandomPort = GetNextRandomExcept(5000..5300,
 5060, // SIP
- 5061, // SIPS
+ 5061 // SIPS
 );
 var processStartInfo = new ProcessStartInfo
 {
From 86cc84f7052daa5eef852847a7e9d19037047f3e Mon Sep 17 00:00:00 2001
From: kasperk81 <83082615+kasperk81@users.noreply.github.com>
Date: Mon, 3 Oct 2022 18:51:34 +0300
Subject: [PATCH 5/5] whitespace
---
 src/mono/wasm/host/WebServerStartup.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
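Review bot: The comment added above `var generateRandomPort` in PATCH 3/5 does not say that the exclusion list is tied to the `5000..5300` range. 5060 and 5061 are listed because, as far as I know, they are the browser-restricted ports that fall inside that range, so widening or moving the range later would silently let other restricted ports through. I would extend the comment with something like `// only 5060/5061 of the browser-restricted ports fall inside 5000..5300; re-check the list if the range changes`. StartDebugProxy starts and ends outside the hunk.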
diff --git a/src/mono/wasm/host/WebServerStartup.cs b/src/mono/wasm/host/WebServerStartup.cs
index 129c0dbe84dca0..4025bf928441c2 100644
--- a/src/mono/wasm/host/WebServerStartup.cs
+++ b/src/mono/wasm/host/WebServerStartup.cs
@@ -39,7 +39,7 @@ public static int StartDebugProxy(string devToolsHost)
 var executablePath = Path.Combine(System.AppContext.BaseDirectory, "BrowserDebugHost.dll");
 var ownerPid = Environment.ProcessId;
 // generate a random port in a given range, skipping the ports blocked by browsers: https://chromestatus.com/feature/5064283639513088
- var generateRandomPort = GetNextRandomExcept(5000..5300,
+ var generateRandomPort = GetNextRandomExcept(5000..5300,
 5060, // SIP
 5061 // SIPS
 );